TrustArc Cookie Consent Manager

Address GDPR Cookie Consent Requirements.

Website cookies are often necessary for the proper functioning of a business website, for analytics or for functional delivery of first-party or third-party advertising. Any cookie that is capable of identifying an EU resident, or treating them as unique without explicitly identifying them, means that the website is processing GDPR "personal data".

The GDPR mandates that companies collecting personal data from EU residents do so in accordance with strict notice and consent requirements, if consent is the justification for processing under GDPR Article 6. Recital 32 of the GDPR requires that consents must be freely given, specific, informed and unambiguous.

TrustArc Cookie Consent Manager

TrustArc has been a leader and innovator in the consent industry since 2012.

TrustArc Cookie Consent Manager has been relied upon by companies worldwide, ranging in size up to the Fortune 100 and in every industry sector. It is designed to meet the complex requirements of the GDPR, with the flexibility to evolve to meet the requirements of the ePrivacy Regulation.

Cookie Consent Manager provides a powerful, flexible, proven solution to address cookie compliance, including support for visual customization and branding, implementation through a single script, integration with tag management systems for zero cookie load (an opt-in configuration), audit trails and global implementation through dynamic language detection.

Cookie Consent Manager Features


IAB EU Framework Support

Option to support the IAB EU Transparency Consent Framework. Easy implementation for both new and existing customers.

IAB EU Framework

Tracker and Cookie Scanning

Detect a broad range of tracking technologies, including JavaScript tags, web beacons, local storage objects, cookies and much more. Scan results will trigger automatic updates to Cookie Consent Manager.

Privacy Compliance Scan

Reverse IP Country Lookup

Identify the country of each site visitor, allowing you to match the delivery of the cookie consent notice to the specific regulatory requirements for each site visitor.

Reverse IP Lookup

GDPR Compliance Reports

Provides a compliance audit trail and report detailing a data subject's cookie consent, time of consent and other metadata in compliance with GDPR Article 7(1), should a regulatory authority or a user require proof.

Privacy Compliance Reports

Integration with Tag Management Systems

Integrate with tag management systems by Adobe, Tealium, Signal, Ensighten, Google and others to support the strictest level of cookie consent — a "zero-cookie load". This means that you will be able to suspend cookies and other personal data processing actions from loading onto your site prior to obtaining the data subject's consent.

Integration with Tag Management Systems

Visual Customization and Branding

Custom tailor the cookie consent user experience to align with your corporate branding. Select colors, fonts, and logos to maintain your site’s look and feel.

Visual Customization and Branding

Dynamic Browser Language Detection

Dynamic language detection, which means one tag detects the correct browser language and displays the appropriate language for the user for the best user experience. Clients can support multiple languages through a single tag deployment rather than deploying one tag per language.

Browser Language Settings Detection

Cross-Domain Cookie Consent

Apply the consent of users from one website to another - across subsidiaries, brands or affiliates. This feature can improve the user's experience by not requiring them to consent multiple times as they navigate across your websites.

Cross-Domain Consent

TrustArc Direct Marketing Consent Manager

TrustArc also offers a solution to support compliance with GDPR consent requirements for activities such as promoting products and services, surveys, newsletter subscriptions and other marketing activities directed at data subjects. For more information, click here.

TrustArc Direct Marketing Consent Manager

TrustArcConnect Reseller Program

TrustArc offers an attractive reseller program for partners interested in adding privacy compliance technology solutions to their product portfolio. For more information, click here.

TrustArcConnect Reseller Program

Cookie Consent Guide: Frequently Asked Questions

Below are answers to some of the most popular cookie consent questions that we’ve received from customers.

What is cookie consent?

Cookie Consent is designed to provide website visitors with choice and control over their consent to use cookies and other tracking technologies when visiting websites. The capability is delivered using cookie consent code, and is required as part of compliance with the ePrivacy directive, GDPR, and the forthcoming ePrivacy Regulation.

What is a cookie consent banner?

The cookie consent banner (aka cookie consent bar or cookie popup) appears at the top of a website and notifies visitors, via a cookie consent message, about the use of cookies.

What is a GDPR compliant cookie consent solution?

In order to be compliant with GDPR (aka cookie consent DSGVO), a website should:

  • Inform the user how their personal data is being used prior to storing it on the device (by displaying cookie consent text).
  • Enable consent to use cookies via an explicit affirmative action.
  • Be able to prove that consent has occurred.
  • Provide a means for the withdrawal of consent and guarantee via prior blocking that no tracking is performed before consent is obtained.
  • State the category of each cookie on the website.

Do I need a GDPR compliant cookie consent solution if I only use Google analytics on my website?

Per the Google Analytics support website, “When using Google Analytics Advertising Features, you must also comply with the European Union User Consent Policy.”

If you have enabled Advertising features in Google Analytics, then consent from the EU citizen is a requirement.

What is the GDPR?

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a European Union (EU) law the deals with data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.

How does the GDPR define personal data?

General Data Protection Regulation (GDPR) is designed to protect “natural persons” visiting websites “with regard to the processing of personal data and on the free movement of such data.” The GDPR has significantly broadened the concept of “personal data” for privacy purposes, including technical identifiers, location data, IP address, photos and other information that directly or indirectly can identify a distinct person, regardless of context.

What does the GDPR say about cookies and online tracking?

Per GDPR, the setting of tracking cookies can only occur once the user has provided their consent.

What does the GDPR say about cookies opt in and opt out?

GDPR Article 4(11) is clear about for opt-in consent. Specifically, it states:"any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed; …Silence, pre-ticked boxes or inactivity should therefore not constitute consent."

Opt-out is implied in the regulation. If the user does not explicitly opt in, they are opting out.

What is a GDPR compliant cookie policy?

In order to be compliant with GDPR, a website should:

  • Inform the user how their personal data is being used prior to storing it on the device.
  • Enable consent to use cookies via an explicit affirmative action.
  • Be able to prove that consent has occurred
  • Provide a means for the withdrawal of consent and guarantee via prior blocking that no tracking is performed before consent is obtained.
  • State the category and purpose of each cookie on the website.

What is the ePrivacy regulation?

Regulation on Privacy and Electronic Communications ("ePrivacy Regulation") has been proposed by the European Commission to replace the current ePrivacy Directive. The new ePrivacy Regulation would be effective in all EU Member States upon finalization and will not require separate implementing legislation by each EU member state. It is anticipated that the ePrivacy Regulation may come into effect in 2019.

What is the difference between the ePrivacy Regulation and the GDPR?

ePrivacy Regulation will apply to any entity that processes electronic communications data and any provider of electronic communications services ("ECS"). "Electronic communications data" includes information concerning the end-user processed for the purpose of transmitting, distributing, or enabling the exchange of content, as well as information regarding content transmitted or exchanged. ECS would include email, internet access services, SMS, VoIP, Internet of Things devices and public and semi-private Wi-Fi “hotspots”, among other things.

ePrivacy differs from GDPR in the following ways:

Specifically focused on electronic communications

While the GDPR is the general regulation for personal data stored or used by a company, ePrivacy is a law specifically governing electronic communications. So, when a data privacy issue is raised regarding communications, ePrivacy will be used by regulators for enforcement. The two laws are meant to complement one another.

Includes non-personal data

GDPR is entirely-focused on the protection of personal data. The ePrivacy regulation is more expansive in its definition of data protection as it is focused more broadly on the confidentiality of communications, "which may also contain non-personal data and data related to a legal person," the proposal states.

Derived from different areas of EU law

The GDPR is based on Article 8 of the European Charter of Human Rights which says: "Everyone has the right to respect for his private and family life, his home and his correspondence" - i.e., a data subject has rights and is informed about what processing is being carried out on his or her personal data.

ePrivacy reflects Article 7 of the Charter of Fundamental Rights, which states: "Everyone has the right to respect for his or her private and family life, home and communications." - i.e., the data subject is aware of and can make choices in the context of communications that impact him or her. Also, the user may be either an individual or legal entity (vs. an individual-only with GDPR).

What is the ePrivacy directive?

The ePrivacy Directive (aka the EU Cookie Law) was issued in 2002, and concerned the processing of personal data and the protection of privacy in the electronic communications sector.

What is the difference between the ePrivacy regulation and the ePrivacy directive?

Regulation on Privacy and Electronic Communications ("ePrivacy Regulation") has been proposed by the European Commission to replace the current ePrivacy Directive. The new ePrivacy Regulation would be effective in all EU Member States upon finalization and will not require separate implementing legislation by each EU member state, as was the case with the ePrivacy Directive. Put another way, regulations are legally binding across the EU and directives are designed to be incorporated into individual country’s laws, leaving open the possibility for different interpretations of the directive.

It is anticipated that the ePrivacy Regulation may come into effect in 2019.

What is the EU cookie law?

The "EU Cookie Law" is another name for EU Directive 2009/136/EC. In it, the European Parliament mandated that all countries within the EU need to establish laws requiring websites to obtain informed consent before they can store or retrieve information on a visitor's device.

Looking for a Cookie Consent solution for your company?


Resources